
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We request the index page of each site with an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Server-Powered-By
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Vhost
X-Readtime
X-Dispatcher
Request-Id
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
P3p
Edge-Control
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
X-Country-Code
X-FTR-Request-ID
X-Varnish-TTL
X-Instart-Request-ID
X-DynaTrace
Accept-Ch
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
Content-MD5
X-ESI
Verso
Service-Worker-Allowed
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
X-Vcache
X-B3-TraceId
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Version
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Forwarded-Proto
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
X-Server-ID
Ar-Sid
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Navigation-Version
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-MSEdge-Ref
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
X-Amz-Rid
X-Sol
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-VARITI-CCR
X-Fastly-Request-ID
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
MS-Author-Via
Nginx-Cache
Cache-Tag
X-Cdn
X-Trace
Realpath
X-Edge-O15-RID
X-Client-IP
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Shard
X-Upstream
X-Jurisdiction
X-Grace
X-Hp-Webp
X-Id
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-Forwarded-For
S
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-T
X-Cache-TTL
Fastcgi-Cache
Nel
DynaTrace
X-Recruiting
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-Varnish-Age
MicrosoftSharePointTeamServices
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-Cache
Server-Node
TP-L2-Cache
X-Goog-Generation
X-Frontend
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Powered
X-CST
X-Logged-In
Alternate-Protocol
Server-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Correlation-Id
X-Cache-Hit
Upgrade-Insecure-Requests
Fastly-Restarts
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-Location
X-Page-Id
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-User-Agent
Refresh
X-Zen-Fury
X-Content-Options
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-ATS-Timestamp
X-Akamai-Edgescape
Backend-Timing
X-Rid
X-Varnish-Grace
X-XRDS-LOCATION
X-Revision
X-LB-Cache
X-B
X-Content-Powered-By
X-Webkit-Csp
X-Type
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
X-URL
X-N
X-Kinsta-Cache
X-TT
X-AOL-HN
X-Cache-Action
X-Cache-Age
X-Signature
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Jobs
X-Framework
X-B-Cache
X-Request-Guid
X-FB-Debug
X-Time
Actual-Object-TTL
X-Debug-Info
X-Tumblr-User
X-NWS-LOG-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Instance
X-Git-Hash
X-App-Environment
X-Cached-By
X-PHP-Backend
Fastcgi-Useragent
X-Load-Cache
X-Tt-Trace-Tag
X-Pad
X-Tt-Trace-Host
DC
X-Amz-Replication-Status
X-Shield-Request-Id
X-Varnish-Backend
Host-Header
X-WA-Info
X-ATG-Version
Host
X-RateLimit-Remaining
Surrogate-Key
X-Contextid
MS-CV
X-IPLB-Instance
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Host-Name
X-Kong-Upstream-Latency
X-Response-Served-From
X-Accel-Buffering
Accept-CH
NGB
Frame-Options
FilterID
Retry-After
X-FastCGI-Cache
X-Cache-Key
Source
Payment
Tracecode
X-Cache-NE
Xserver
X-SS-Set-Cookie
Eomportal-Instance
Filters
X-Hostname
X-Cache-2
X-Cacheable-TTL
X-Srv
X-Varnish-Server
X-Region
X-Origin-Response-Time
X-GeoIP
X-Rendered-As
X-Is-Bot
X-Cluster
X-Varnish-Hostname
WPE-Backend
X-IPS-LoggedIn
X-Adobe-Content
Cache-Tv-Group
X-FW-Static
X-FW-Hash
X-Cache-Enabled
X-FW-Serve
X-FW-Server
X-Adobe-Loc
X-FW-Type
X-Seen-By
X-RequestSource
Liferay-Portal
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Server-Info
X-NewRelic-App-Data
X-Cache-Operation
X-Cache-Rule
X-Presslabs-Stats
X-ProcessESI
X-RemovedCookies
X-App-Server
X-EdgeConnect-Cache-Status
X-TX-ID
X-Analytics
X-Cache-TTL-Remaining
Accept-CH-Lifetime
Cleartype
X-L-Path
X-Webapp-Samesite-None-Activated-N
X-Environment-Context
X-FireWall-Port
X-B3-Traceid
X-Handled-By
X-RTag
Ms-Operation-Id
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Source
X-CACHE-KEY
X-HTML-Minification-Powered-By
X-Dc
X-Cache-Server
Srv
From-Origin
X-UA
Accept-Charset
Datacenter
X-Backend-Name
X-UUID
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-APP-VERSION
Meta-Geo
X-Path-Route
Selected-Fe
OT-Force-Account-Verify
X-Timing-Wait
X-Proxy-Build
X-Wix-Request-Id
X-Format
X-Tb
X-Sorting-Hat-ShopId
Healthy
X-PressLabs-Stats
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Section
X-ShardId
X-ShopId
X-Shopify-Generated-Cart-Token
X-EIG-Tracking-Id
X-Proto
X-Access
Cache-Tags
X-Cache-Config
X-Alternate-Cache-Key
X-Content-Age
Node
X-Hl-Ver
X-Akamai-Request-ID
Mn-Server-Ip
X-Request-Time
X-Yottaa-Optimizations
X-ServerID
Ec-Rule-Version
X-Yottaa-Metrics
X-Akamai-Request-ID2
X-Soup
X-Proxy-Cache-Status
X-FC-Vary-Parameters
X-AWS-Id
X-JoinUs
X-VWS-Id
X-Vgn-Hpd-Reason
X-Status
X-SaId
X-Qloud-Router
X-LJ-Flow-ID
NGX
X-Hyper-Cache
X-Locale
X-Hosted-By
X-FW-Dynamic
Akamai-GRN
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy
X-Origin
X-FB-TRIP-ID
X-Detected-As
X-BYPASS-REASON
X-BCube-Filmed-By
Now
Version
Decoy-Debug-TTL
Decoy-Debug-Status
X-CCM
Cross-Origin-Window-Policy
DB-Nickname
Decoy-Debug-Key
X-Pubstack
X-Loop
X-Web-Node
Origin-Edge-Control
X-SayCDN-TTL
X-Akamai-Transformed
X-Debug-Cache
X-OCL
X-Say-TTL
X-Say-Cacheable
X-PCL
X-Www-Served-By
Origin-Cache-Control
X-TNCMS
X-Viewer-Country
X-Time-Microsecs
X-Storage
GEO-INFO
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
TWC-Device-Class
X-Site-Version
Webcakes-App-Version
TWC-Locale-Group
S-Rt
Property-Id
X-Redis-Cache
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-Region
X-Generated
X-IP
X-Xfnlog-Site
TWC-GeoIP-Country
X-Varnish-Hits
X-Origin-Hint
X-Human
Azure-InstanceId
X-R9-Blue-Green-Version
X-Generated-By
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-SlotName
X-RCS-CacheZone
X-NCache
X-Cluster-Node
X-Whom
X-Cache-Control
X-Daa-Tunnel
X-Unique-Id
X-RateLimit-Limit
X-Cache-Host
X-UA-Device-Type
Cache-Key
X-Ttl
Cache
X-Drupal-Cache-Tags
X-NGENIX-Cache
X-Rule
Webserver
X-Mode
X-Esi
Section-Io-Cache
X-Forwarded-Host
Time
L5d-Success-Class
Cache-Name
Viewport
X-UnsetCookies
X-CS
X-Info
Content-Disposition
X-VHOST
Accept-Language
Mime-Version
X-Origin-CC
X-ApacheServer
X-Backend-TTL
X-PERF
Rt-Fastcgi-Cache
Uber-Trace-Id
X-Origin-TTL
X-Newrelic-Synthetics
Country
X-Varnish-Cache-Hits
ServedBy
X-CDN-Forward
X-B3-Spanid
X-Cache-Remote
Odigeo-Trace-Id
X-Zipkin-Id
X-EC-Lua
X-Proxied
X-Device-Type
X-Routing-Service
X-VCache
X-Via-Fastly
X-From
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-Cluster-Name
X-Uri
Proxy-Connection
X-Microcachable
X-Nc
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Real-IP
HitType
X-Geo
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Geo-Info
X-TT-TIMESTAMP
Cf-Ipcountry
Ohc-File-Size
X-Vtex-Remote-Cache
X-A-Wwc
X-Date
X-Aed
X-GeoIP-Country-Code
X-A-Dgt
X-Request-UUID
X-A-Dcw
X-VG-WebServer
X-Vtex-Processado-Em
X-Region-Sid
X-Application
Xc-Version
X-CF-Lambda-Version
X-External-Request-Id
X-Connection-Hash
X-D
X-DPWN-IS-SECURE
X-G
X-Geo-Header
X-Destination
X-A-Dam
X-B-Cookie
X-CF-Lambda-Fn
X-ARC
X-VG-WebCache
X-SRCache-Key
X-Transaction
T-Server
Content-Script-Type
BehaviorPad-Version
Content-Style-Type
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Machine
GEO-REGION-INFO
X-Session-Fingerprint
AsisCache
X-A-Ccd
X-A
X-S
X-Rojux
X-Rewrite-Enabled
X-Vdms-Version
X-S-Cookie
Viewtype
X-ScT
VivaBuild
X-Trv-Group
X-Twitter-Response-Tags
Rendered-Blocks
X-Accel-Expires-Debug
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Time
Apple-News-Services-Parsed-Url
X-Rebelmouse-Surrogate-Control
X-Rocket-Build-Number
X-Rebelmouse-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Request-Url
Cache-Hits
Apple-News-Services-Handled
Environment
X-Cache-Debug
X-Cache-Expired-At
X-Bip
Powered-By
W
X-Clientip
X-CUA
Fastly-SIE
X-Sigma
Fastly-SWR
X-Developers
IsBot
Countrycode
X-Logging-Id
X-VG-TLSProxy
X-Thanos
X-VC-Cache
X-WebServer
X-Sigma-Backend
X-Var-Ttl
X-SIPLIST1
Group
X-GoCache-CacheStatus
Fastly-SSL
Filterid
X-No-Session
User-Cache-Control
X-C
X-Core-Mission
X-Cms-Context
X-Contensis-Viewer-Groups
X-Debug-Cookies
X-Fetched-On
X-Varnish-Authentication
X-Distil-CS
X-Distributor
X-Eu-Site
X-Dispatcher-Server
Ohc-Cache-HIT
X-Debug-Log
X-Cache-ASPX
X-Agile-Age
X-Agile-Id
X-Air-Hostname
X-Agile
We-Hiring
True-Client-Country-4JS
V-Age
X-App-Name
X-Auto-Login
X-VServer
X-Cache-Tags
X-Cdn-Srv
X-Gamma-Serve
X-Backend-State
X-TrackingId
X-Azure-Ref
X-CGP
X-Hash
X-Trace-Id
X-OVcl
X-OVcl-Cache
X-Tumblr-Pixel-3
X-Up
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-TH-Server
X-Swa-Ws
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-Proxy-Upstream
X-Platform-Server
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Owner
X-Nginx-Cache-Key
X-Ms-Version
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Urbn-Site-Id
X-IN-APIGATEWAY
X-Hit
X-GeoIP-City
X-Has-Esi
X-Variation
X-Is-Gdpr
X-JWT-State
X-LI-UUID
Server-Surrogate-Control
X-Ms-Request-Id
X-LI-Proto
X-Li-Pop
X-Urbn-Context-Path
X-Li-Fabric
X-Generated-In
X-NodeID
CDCHOST
RNT-Machine
Locale
RNT-Time
Server-Int
Kp-EeAlive
Platform
Pragrma
Locid
Mail-Subject
Country-Code
Request-Country
Request-EU
IBM-Web2-Location
Is-Eu
Heartbleed
Fastly-Soc-X-Request-Id
Server-ID
Gh-Request-Id
Adler-Geo
Fastly-Backend-Name
Cache-Host
HA-Ipaddr
Ha-Gx-Prefs
Server-Cache-Control
AKAMAI
X-Edge-Location
Cdncip
X-Reboot
X-Clara-WADP
X-Cache-URL
Memcached
X-Cache-Info
X-Debug-Cache-Expiry
X-Epic-Correlation-Id
X-Irp-Debug
X-Fastly-Cache
X-FW-Version
X-Generation-Time
FNAC-ModuleRouting
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Cdnsip
X-Matched-Rule
X-Core-Value
X-Level-Front-Cache
X-Req
X-Micro-Cache
X-BBXSRF
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Node
Wxu-Next-Region
X-Wikidot-Static-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Block-Status
X-Gen-Mode
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-NU-AKA-ACS-Version
X-Hnp-Log
Server-Host
X-We-Are-Hiring
X-WADP-Cache
X-Service
X-ServiceProvider
S-Cnection
X-App-Version
X-Servername
PFcat
X-Server-W
X-Generated-On
X-Trafficlayer-App-Name
X-Thinkindot-L3
ServerName
X-TT-LOGID
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-AK-Request-ID
X-Nginx-Cache
X-UPSTREAM-Address
X-Cache-Bucket
X-Response-By
X-S-Maxage
X-Lb-Id
X-Old-Content-Length
X-SERVER
X-Render-Time
X-Refresh
RequestId
X-Cache-Backend
X-User
X-Wa
Powered-By-ChinaCache
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Node-Id
X-Oss-Storage-Class
X-Sucuri-ID
X-Varnish-Cacheable
X-CSRF-TOKEN
X-Internal-Host
Origin
X-Key
X-TA-CDN-Provider
X-Parent-Response-Time
User-Agent
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Developer
X-Sucuri-Cache
X-Pjax-Url
X-NC
X-Cache-Status-Check
X-Ua-Device
X-Ua
X-Cache-Grace
X-Cdn-Origin
X-Device-Os
X-CSRF-Token
X-Location
X-LAGOON
X-BACKEND-TTL
X-Sn-Servicetimems
Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Cdn-Forward
X-Ocache
X-NWS-UUID-VERIFY
X-Pf-Uncompressing
X-CF-Powered-By
Geoip-City
On-Server
Memory
Geoip-Latitude
A
ProcessTime
X-Via-CDN
SRV
X-B3-Parentspanid
Cloudfront-Viewer-Country
TTL
GeoIp-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
X-Request-Host
X-COUNTRY
X-Vcl-Version
PICS-Label
X-NGINX-Cache
X-Correlation-ID
X-Server-IP
X-Unique-ID
X-Webkit-CSP
X-Servedbyhost
X-Varnish-URL
X-Litespeed-Cache
X-B3-SpanId
Cdn
Resin-Trace
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
XServer
X-TIME
X-Ratelimit-Remaining
X-HS-Status
Media-Length
CACHE
M-TraceId
Tcn
SN
X-Cdn-Request-ID
X-FORWARDED-FOR
X-Slack-Backend
X-ServedByHost
Host-ID
X-Action
X-Beluga-Status
X-Via-Ucdn
X-DB
X-Cache-FS-Status
X-Beluga-Trace
X-Dispatch
X-RPM
Who
X-DSS
X-PAYTM-SRV-ID
X-RPS
X-Beluga-Cache-Status
Arc-Country
X-Beluga-Response-Time
X-RSL
X-Cache-Ttl
X-Server-Time
X-Beluga-Node
X-Processor
Pramga
X-DI
X-DW
X-Beluga-Record
HostName
X-ND-Cache
X-Skip-Cache
X-Fastly-Country-Code
Section-Io-Origin-Status
X-Reqid
Section-Io-Origin-Time-Seconds
X-Sucuri-Id
Esi-Enabled
Section-Origin-Responded
X-VCL-Version
GeoIP-Country-Code
Pics-Label
Section-Io-Id
Cdn-Request-Time
X-Edge-Server
X-AIR-PT
NtCoent-Length
X-Served-From
Cdn-Host
X-DC
X-Dynatrace-Js-Agent
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-ABtesting
GeoIP-Latitude
Fastly-Drupal-HTML
X-VarnishDD-TTL
X-Hello
X-Flog
N-Cache
Amp-Access-Control-Allow-Source-Origin
X-Policy
X-Bc-Bl
Ttl
GeoIP-City
MIME-Version
X-Oracle-Dms-Rid
Fusion-Deployment-Id
CF-Cached-On
X-LiteSpeed-Cache-Control
X-Zone
X-Request-Start
X-Azure-Ref-OriginShield
X-Ratelimit-Limit
X-Varnish-Url
X-PF-Uncompressing
X-DevSite-Last-Modified
X-Bc
X-Adobe-Source
X-Newrelic-App-Data
X-FPC
X-APP
X-Backend-Host
Rt-Proxy-Cache
X-HostName
X-Ruxit-Js-Agent
Trailer
WebServer
Cache-Cookie-Set-From
X-PJAX-URL
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-SRV
X-Fastly-Backend-Reqs
X-Swift-Error
X-Dynatrace
X-Method
X-BE
X-Amzn-Remapped-Connection
Magicmarker
X-WA
X-Scheme
Processtime
Cteonnt-Length
X-Amzn-Remapped-Date
X-Fmm-Version
Servername
X-ID
X-Fpc
FSS-Cache
FSS-Proxy
X-BC
Cache-Provider
X-ZONE
X-WR-MODIFICATION
X-Frame-Option
X-Esi-Check
Ohc-Response-Time
Dynatrace
X-Cache-Id
X-StackifyID
X-SN
Requestid
CDN
X-Branch-Name
X-LB-ID
X-Snapshot-Date
CF-IPCountry
X-CACHE-AGE
X-App
L
X-Apw-Access-Action
X-Compress-Hint
X-Tid
WZWS-RAY
Sid
X-Cc-Via
X-Svr
X-Gzip
X-SB
X-Apw-Access-Object
X-Fastly-Cache-Hits
V-Cache
X-Request-Url
X-Aicache-OS
X-SD-PageType
SD-X-WS
X-VC
Release
X-Be
X-Apw-Hits
X-Apw-Access-Token
X-Cc-Req-Id
Lb
D-Cc-Upstream
Warning
X-Litespeed-Cache-Control
SID
LB
X-GEO
X-Cache-NGX
Lfy
X-Powered-Y
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
X-Worker
Backend-Name
X-Check-Cacheable
Vix-Hermes-Req-Id
X-WPE-Loopback-Upstream-Addr
X-Fastly-Cache-Status
X-Varnish-Beresp-TTL
Correlation-Id
Cneonction